Wiki Markup |
---|
{scrollbar}
{excertp}This section is about how to administer certificates from console.{excerpt}
To administer SSL certificates the *Keystore Configuration* portlet is available by selecting *Keystore* on the *Console Navigation* menu on the left hand side. From this portlet you can either import an existing certificate or create a new certificate request.
!consoleKeystoreConfig.png!
The certificates in Geronimo are stored in a keystore located in * |
Excerpt |
---|
This section is about how to administer certificates from console. |
To administer SSL certificates the Keystore Configuration portlet is available by selecting Keystore on the Console Navigation menu on the left hand side. From this portlet you can either import an existing certificate or create a new certificate request.
The certificates in Geronimo are stored in a keystore located in <geronimo_home>\var\security\keystores\geronimo-default
...
.
...
If
...
you
...
want
...
to
...
use
...
a
...
different
...
keystore
...
other
...
than
...
the
...
one
...
provided
...
by
...
default
...
you
...
can
...
create
...
one
...
by
...
clicking
...
on
...
New
...
Keystore
...
.
...
You
...
will
...
be
...
prompted
...
with
...
a
...
keystore
...
name
...
and
...
a
...
password,
...
enter
...
those
...
values
...
and
...
click
...
Create
...
Keystore
...
,
...
for
...
this
...
example
...
we
...
entered
...
sample_keystore
...
and
...
password
...
respectively.
...
The
...
keystore
...
you
...
just
...
created
...
does
...
not
...
yet
...
contain
...
any
...
certificates
...
nor
...
key
...
as
...
depicted
...
in
...
the
...
following
...
figure.
...
Also
...
note
...
the
...
keystore
...
is
...
by
...
default
...
locked,
...
that
...
is
...
the
...
closed
...
lock
...
in
...
the
...
Available
...
column.
...
Once
...
you
...
create
...
the
...
certificate
...
you
...
will
...
need
...
to
...
click
...
on
...
the
...
lock
...
to
...
make
...
that
...
certificate
...
available,
...
you
...
will
...
be
...
prompted
...
with
...
the
...
passwords
...
for
...
the
...
keystore
...
and
...
certificate.
...
To create a private key click on the keys on the keystore you just created and then click on Create Private Key. Enter valid data in the appropriate field data.
Click on Review Key Data and then on Generate Key. You should now see the key you just generated listed in the Keystore Configuration portlet.
You now can use that certificate by configuring an HTTPS connector as described in
http://cwiki.apache.org/GMOxDOC22/adding-new-listeners-for-the-web-containers.html
...
.
...
Remember
...
to
...
make
...
the
...
certificate
...
and
...
keystore
...
available
...
by
...
clicking
...
on
...
the
...
"lock".
...
For
...
this
...
example
...
we
...
have
...
modified
...
the
...
existing
...
TomcatWebSSLConnector,
...
we
...
specified
...
the
...
new
...
keystore
...
and
...
saved
...
the
...
configuration.
...
For
...
this
...
configuration
...
to
...
take
...
effect
...
you
...
need
...
to
...
restart
...
the
...
connector.
...
Click
...
on
...
the
...
stop
...
link
...
corresponding
...
to
...
the
...
network
...
listener
...
you
...
just
...
updated,
...
in
...
this
...
case
...
TomcatWebSSLConnector,
...
and
...
then
...
click
...
on
...
start
...
.
...
Now
...
this
...
connector
...
is
...
using
...
the
...
new
...
keystore
...
and
...
certificate.
...
If you now point your browser to that particular port you should see the server is using the certificate you created previously. For this example, as we are using the existing SSL connector, we point the browser to:
https://localhost:8443/console
...